package CanvaWeb.CanvaWeb;

import CanvaWeb.CanvaWeb.filter.RequestLoggingFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/room/{roomId}",
                        "/room/{roomId}/start-game",
                        "/room/{roomId}/users/{userId}/role",
                        "/room/{roomId}/drawings/upload",
                        "/room/{roomId}/drawings/latest",
                        "/room/{roomId}/status",
                        "/user/login",
                        "/user/**",
                        "/user/register",
                        "/user/update",
                        "/user/health",
                        "/game/words",
                        "/drawings/upload",
                        "/room/create",
                        "/room/{roomId}/join",
                        "/room/list",
                        "/room/match",
                        "/actuator/health",
                        "/room/{roomId}/messages", // 添加获取房间聊天记录的接口
                        "/room/{roomId}/messages/**"
                ).permitAll() // 允许公开访问的接口
                .anyRequest().authenticated() // 其他接口需要认证
                .and()
                .addFilterBefore(new RequestLoggingFilter(), UsernamePasswordAuthenticationFilter.class)
                .csrf().disable(); // 如果使用 REST API，建议禁用 CSRF
        return http.build();
    }
}

